Sorry, I forgot the security policy file.
I have added it as an attachment.

 
On 10/13/06, Leo Li <[EMAIL PROTECTED]> wrote:
Hi, all:
     During the self-hosting of Derby, I found that applying a particular security policy leads to errors when loading the JarFile class. The IBM VM throws java/lang/UnsatisfiedLinkError: java/util/zip/ZipFile.ntvi, while drlvm crashes with "SEH handler: shutdown errorSEH handler: too many shutdown errors..."
 
     Here is the testcase:
    

import java.util.jar.*;
/**
 * Minimal reproduction case from the report: prints the {@code CENATT} constant
 * referenced through {@link JarFile}.
 *
 * <p>The report runs this class with {@code -Djava.security.manager} and
 * {@code -Djava.security.policy=derby_tests.policy}; without the security manager
 * the reporter sees no failure.
 *
 * <p>NOTE(review): if {@code CENATT} is a compile-time constant in the class library
 * used to compile this test, javac inlines its value and this reference alone does
 * not load {@code JarFile} at run time. Confirm which code path (for example the
 * launcher or the policy loader) actually triggers the class load that fails.
 */
public class TestJarFile {

    /**
     * Prints the value of {@code JarFile.CENATT} to standard output.
     *
     * @param args command-line arguments; not read
     * @throws Exception declared by the original test case; nothing in the body throws a
     *     checked exception
     */
    public static void main(String[] args) throws Exception {
        final int cenAtt = JarFile.CENATT;
        System.out.println(cenAtt);
    }
}

And the attachment is the derby_tests.policy.

Then run:

java -Djava.security.manager -Djava.security.policy=derby_tests.policy TestJarFile

Run passes,

Harmony on IBM VM fails with java/lang/UnsatisfiedLinkError: java/util/zip/ZipFile.ntvi 

Harmony on Drlvm fails with SEH handler: shutdown errorSEH handler: too many shutdown errors

If the security manager is not specified, Harmony passes.


--
Leo Li
China Software Development Lab, IBM




--
Leo Li
China Software Development Lab, IBM
//
// Policy file with minimal set of permissions to run derby's
// functional tests.
//
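// The test harness sets up three variables used by this policy file
//
// derbyTesting.codejar - URL to the jar files when they are in the classpath
// derbyTesting.codeclasses - URL to the classes directory when it is in the classpath
//
// Only one of derbyTesting.codejar and derbyTesting.codeclasses will be valid, the
// other will be set to a bogus URL like file://unused
//
// derbyTesting.codedir - File location of either derbyTesting.codejar or derbyTesting.codeclasses.
// Only required due to a BUG (see below for more info).
//
//
// derbyTesting.serverhost - Host name or ip where network server is started
// derbyTesting.clienthost - specifies the clients ip address/hostName.
//     when testing with networkserver on a remote host, this needs to be passed in
//     with the NetworkServerControl start command
//
// NOTE(review): the grant entries below also reference derbyTesting.clientjar and
// derbyTesting.testjar, which are not described above. In the reference JDK policy
// implementation a grant entry whose ${...} property cannot be expanded is ignored,
// so when this file is used outside the test harness (no derbyTesting.* properties
// defined) the codeBase grants may not take effect at all; other class libraries
// may handle this differently -- confirm before relying on it.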

//
// Permissions for the embedded engine (derby.jar)
//
grant codeBase "${derbyTesting.codejar}derby.jar" {
  permission java.util.PropertyPermission "derby.*", "read";
  permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
  
  // unit tests (e.g. store/T_RecoverFullLog) set this property 
  // (called from derbyTesting.jar through code in derby.jar)
  permission java.util.PropertyPermission "derbyTesting.unittest.*", "write";

  permission java.lang.RuntimePermission "createClassLoader";
  
  permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
  permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
  permission java.io.FilePermission "${derby.system.home}", "read";
  
  // all databases under derby.system.home 
  permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";

  // Import/export and other support files from these locations in tests
  permission java.io.FilePermission "${user.dir}${/}extin${/}-", "read";
  permission java.io.FilePermission "${user.dir}${/}extinout${/}-", "read, write, delete";
  permission java.io.FilePermission "${user.dir}${/}extout${/}-", "write";
  permission java.io.FilePermission "${user.dir}${/}extinout", "read,write";
  
  // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
  // JDK14 has the JCE preloaded
  permission java.security.SecurityPermission "insertProvider.SunJCE";
  permission java.security.SecurityPermission "insertProvider.IBMJCE";
 
};

//
// Permissions for the network server (derbynet.jar)
//
grant codeBase "${derbyTesting.codejar}derbynet.jar" {
  permission java.util.PropertyPermission "java.class.path", "read";//sysinfo
  
  // accept is needed for the server accepting connections
  // connect is needed for ping command (which is in the server jar)
  permission java.net.SocketPermission "127.0.0.1", "accept,connect";
  permission java.net.SocketPermission "localhost", "accept,connect";
  permission java.net.SocketPermission "${derbyTesting.clienthost}", 
"accept,connect";
  permission java.net.SocketPermission "${derbyTesting.serverhost}", 
"accept,connect";
  
};

//
// Permissions for the network client (derbyclient.jar)
//
grant codeBase "${derbyTesting.clientjar}derbyclient.jar" {
  permission java.net.SocketPermission "127.0.0.1", "connect,resolve";
  permission java.net.SocketPermission "localhost", "connect,resolve";
  permission java.net.SocketPermission "${derbyTesting.serverhost}", 
"connect,resolve";

  // DERBY-1883: Since some classes that are included in both derby.jar and
  // derbyclient.jar read properties, derbyclient.jar needs permission to read
  // derby.* properties to avoid failures when it is listed before derby.jar in
  // the classpath.
  permission java.util.PropertyPermission "derby.*", "read";

};

//
// Permissions for the tools (derbytools.jar)
// Ideally this would be more secure, for now the
// focus is on getting the engine & network server secure.
//
grant codeBase "${derbyTesting.codejar}derbytools.jar" {
  // Access all properties using System.getProperties
  permission java.util.PropertyPermission "*", "read, write";
  
  // Read all files under ${user.dir}
  permission java.io.FilePermission "${user.dir}${/}-", "read";
  
  // ij needs permission to read the sql files in this jar
  permission java.io.FilePermission 
"${derbyTesting.codedir}${/}derbyTesting.jar", "read";
  
};

//
// Permissions for the tests (derbyTesting.jar)
// We are liberal here, it's not a goal to make the test harness
// or tests secure.
//
grant codeBase "${derbyTesting.testjar}derbyTesting.jar" {
  // Access all properties using System.getProperties
  permission java.util.PropertyPermission "*", "read, write";
  
  // Access all files under ${user.dir}to write the test directory structure
  permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete"; 

  // When running with useprocess=false need to install and uninstall
  // the security manager and allow setIO to change the system err and out
  // streams. Currently the nist suite runs with useprocess=false.
  permission java.lang.RuntimePermission "setSecurityManager";
  permission java.lang.RuntimePermission "setIO"; 
};

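//
// super-set of the jar permissions for running out of the classes directory
//
// NOTE(review): this entry combines setSecurityManager with read/write access to all
// properties and to everything under ${user.dir}, so code loaded from the classes
// directory can replace the security manager. A run from the classes directory
// therefore does not exercise the tighter per-jar limits granted above.
//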
grant codeBase "${derbyTesting.codeclasses}" {
  // Access all properties using System.getProperties
  permission java.util.PropertyPermission "*", "read, write";
  
  permission java.util.PropertyPermission "derby.*", "read";
  permission java.lang.RuntimePermission "createClassLoader";
   
  permission java.io.FilePermission "${derby.system.home}${/}derby.properties", "read";
  permission java.io.FilePermission "${derby.system.home}${/}derby.log", "read, write, delete";
  permission java.io.FilePermission "${derby.system.home}", "read";
  permission java.io.FilePermission "${derby.system.home}${/}-", "read, write, delete";

  // combination of client and server side.
  permission java.net.SocketPermission "127.0.0.1", "accept,connect,resolve";
  permission java.net.SocketPermission "localhost", "accept,connect,resolve";
  permission java.net.SocketPermission "${derbyTesting.clienthost}", 
"accept,connect";
  permission java.net.SocketPermission "${derbyTesting.serverhost}", 
"connect,resolve";
  
  // Access all files under ${user.dir}to write the test directory structure
  // Also covers extin, extout and extinout locations
  permission java.io.FilePermission "${user.dir}${/}-", "read,write,delete"; 
    
  // These permissions are needed to load the JCE for encryption with Sun and IBM JDK131.
  // JDK14 has the JCE preloaded
  permission java.security.SecurityPermission "insertProvider.SunJCE";
  permission java.security.SecurityPermission "insertProvider.IBMJCE";

  // When running with useprocess=false need to install and uninstall
  // the security manager and allow setIO to change the system err and out
  // streams. Currently the nist suite runs with useprocess=false.
  permission java.lang.RuntimePermission "setSecurityManager";
  permission java.lang.RuntimePermission "setIO"; 
};

// JUnit jar file tries to read junit.properties in the user's
// home directory and seems to require permission to read the
// property user.home as well.
// Ideally these would be granted to junit.jar only but currently
// the jar may be anyway on a file system. Could expand the test harness
// to look for junit.jar on the classpath as it done for the Derby jars.
// The exposure in making these properties grantable to all is somewhat low,
// though reading the property user.home is a little troubling.
grant {
    permission java.util.PropertyPermission "user.home", "read";
    permission java.io.FilePermission "${user.home}${/}junit.properties", 
"read";
};